Vulnerability Details : CVE-2012-2317
The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.
Products affected by CVE-2012-2317
- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:php5-common:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:php5-common:5.3.3-7\+squeeze4:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:a:canonical:php5:*:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:php5:*:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:php5:5.3.2-1ubuntu4.17:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:php5:5.3.5-1ubuntu7.10:*:*:*:*:*:*:*
Threat overview for CVE-2012-2317
Top countries where our scanners detected CVE-2012-2317
Top open port discovered on systems with this issue
8200
IPs affected by CVE-2012-2317 2,348
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-2317!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-2317
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-2317
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2317
-
http://www.openwall.com/lists/oss-security/2012/05/05/2
oss-security - Re: Debian/Ubuntu php_crypt_revamped.patch
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170
#581170 - php5 crypt() does not complete with emtpy salt - Debian Bug report logs
-
http://www.openwall.com/lists/oss-security/2012/05/04/7
oss-security - Debian/Ubuntu php_crypt_revamped.patch
-
http://www.ubuntu.com/usn/USN-1481-1
USN-1481-1: PHP vulnerabilities | Ubuntu security notices
Jump to